aeGet your people interested in cyber security and you become more resilient. Here’s how to go about it, starting with the potential end of the world.
Uranium centrifuges facilitate either nuclear power or nuclear weapons.
They’re powerful, valuable and extremely dangerous when in the wrong hands.
Stuxnet, meanwhile, is a software that causes irreparable damage to Siemens motors – which are often connected to Uranium centrifuges.
In 2010, Stuxnet began attacking Siemens motors.
Now – why is it people are largely disinterested in cyber security training?
Cyber security still unexciting
It’s a strange state of affairs.
As is evident from the above Stuxnet tale, today’s cyber security stories often rival those of a James Bond thriller.
Few people really see it that way, though, so clearly our industry is failing to make the topic of cyber security as engaging as it should be.
That perhaps explains why people are still the number one cause of breaches all around the world – and it begs the question that’s the focus of this article:
How can you ensure your people take more of an interest in cyber security?
Using psychology to boost engagement in cyber security
It’s a question we ask constantly as we develop CybSafe. More specifically, we’re interested in how we can use learnings from psychology to make cyber security training both more appealing and more memorable.
The following list offers ten potential solutions, all of which are built into the CybSafe platform.
1. Use story
Stanford University research suggests stories are up to 22 times more memorable than facts alone. The scholar Jonathan Gottschall goes even further, claiming stories help us make sense of the world around us and thus historically helped ensure our survival.
Including stories in cyber security training – such as the above Stuxnet story, lifted from a CybSafe module directly – is undoubtedly a sure-fire way to keep people hooked.
2. Keep things updated
Once upon a time, paying attention to the novel helped us escape threats – which is why we’re now hardwired to pay attention to anything new. It’s a phenomenon that sees babies of less than a day old instinctively staring, fascinated, at almost anything they see.
It’s also a phenomenon that ensures dated cyber security training quickly becomes dull.
As the field of information technology rapidly evolves, it’s imperative that cyber security training stays current. From the latest computer science breakthroughs to new forms of malware or cyber threats, awareness needs to be consistently sharpened, ensuring your team’s cyber defense remains robust.
Aside from educating people on new threats, constantly updating cyber security training ensures known dangers never become mundane.
3. Use multimedia
Research suggests videos are processed up to 60,000 times faster than text. Video eases cognitive strain and ensures messages sink in, yet not all cyber security training takes advantage of multimedia.
Supplementing text, images and audio with video both keeps things novel (see above) and makes cyber security training easier to take in.
4. Avoid complex
Somewhat tragically, we humans seem coded to avoid cognitive mental strain. It’s why we frequently prefer video to text and why pension enrolment rates in “opt-out” countries vastly outstrip enrolment rates in “opt-in” countries. We’re coded to avoid exertion.
The complex topic of cyber security might seem like it requires complex training, but simple, intuitive training will almost certainly be more effective than anything requiring increased effort.
5. Customise modules
As discussed elsewhere on the CybSafe blog, humans are reliant on what psychologists call schema to guide our behavior in any given situation. As an example, it’s schema that sees people wear black to funerals but not weddings.
Schema are why people tend to pay attention to cyber security during cyber security training classes but drop their guard the moment training ends.
Customizing modules allows the training to be relevant to everyone in the organization, making cyber security more engaging and memorable. Integrating elements from different job roles into the training can help modify existing workplace habits and attitudes towards cyber security.
By customising modules to embed elements of the day job into training itself, it’s possible to modify the existing workplace schema your people have. In doing so, cyber security becomes less alien, more engaging and more memorable all at once.
6. Simulate attacks
Simulating cyber attacks is perhaps the most direct way to increase engagement in cyber security training. They’re unignorable. They demand a reaction.
Not enough cyber security training providers make appropriate use of simulated attacks.
7. Share performance reports
Cyber security training is often seen as something that must be completed in addition to the day job – when it should really be viewed as part of the day job itself – and not just relevant for the job but for personal and domestic wellbeing, too.
By sharing individual cyber security performance reports (in the same way a manager might feedback on existing key performance indicators), cyber security becomes part of the day job and a way in which a business can encourage its people to really look after themselves.
Your people will only ever take cyber security as seriously as your culture allows.
8. Educate people on threats
In 2013, illegal access to a woman’s webcam could be bought for 64p online.
Whilst at CybSafe we don’t condone scaremongering, we strongly believe more should be done to educate people on threats. And just as with both stories and things that are novel, humans are evolutionarily wired to pay attention to threats.
Including training modules on threats – both personal and corporate – isn’t just socially responsible. It dramatically heightens cyber security engagement.
9. Use blended learning
Blended learning styles use multiple learning techniques to ensure individuals can tailor their learning to their specific needs.
As you might remember from your full-time education, different people learn in different ways. Forcing someone to learn in a manner that doesn’t come naturally builds resistance to any kind of training, cyber security or otherwise.
Recognizing that people have different learning styles is important. Whether it’s about explaining advanced penetration testing or teaching basic computer science or security concepts, using multiple techniques can help individuals tailor their learning to their specific needs, keeping them engaged and interested.
Blended learning can therefore keep people engaged.
10. Train everyone
Another fundamental trait of the human psyche is our desire to belong to a group of some shape or form – which explains phenomena such as peer pressure, Groupthink and football hooliganism.
In the context of cyber security, properly training your entire organization on cyber security can create a group that takes cyber security seriously. It also positions cyber security as a topic of importance and is a prerequisite to creating a culture focused on cyber security.
The role of everyone: enlisting your team in cyber security
The collaborative role of everyone in your organization is paramount when dealing with cyber threats. As a cybersecurity analyst, security engineer, or security consultant, it’s important to convey to your team how everyone’s role, technical or not, matters in safeguarding your digital assets.
The understanding and mitigation of malware, the principles of cloud security, the importance of regular penetration testing – these aren’t just the concerns of the IT department.
In fact, fostering an environment where everyone is conscious about the implications of a cyber threat can strengthen your overall defense strategy.
This collective resilience, underpinned by a security architect’s designed infrastructure and reinforced by the skills of ethical hackers, brings cyber security from the realm of the technical elite to the everyday.
By making every member of your team a part of your cyber defense, you’re integrating cyber security into the fabric of your organization’s culture.
Influencing human behavior
As you may already know, CybSafe focuses on influencing human behavior to increase cyber resilience.
We use learnings from psychology and behavioral sciences to do so in a positive way, leveraging and facilitating all of the strategies above.
While it’s true that humans remain a significant factor in security breaches, we believe in proactive measures rather than doom and gloom. Thus, we’re dedicated to making cyber security training interesting and engaging.
Interested in finding out how CybSafe can help your organization? We’d love to show you. Click here to arrange a free demo.
